Why do you have two vlan interfaces (SVIs) on this switch ?

I assume if previously you were using DHCP for both interfaces then this switch could only be acting as L2 and not L3 ie. it is not doing any routing between vlans because the clients wouldn't know the correct default gateway ?

So are you saying you can't ping the switch ?

If so -

a) what IP address are you pinging from ?

b) which switch/router does handles the routing between vlans ?

Jon

Vlan1 is our local LAN (192.168.1.0/24) and lvan2 is our VOIP (call center IP phones) which are connected to an Adtran router on the 10.99.... subnet.

I'm trying to ping from our local LAN  from my ip: 192.168.1.101

Here is the route info from the config on SW3 (the switch we are discussing)

!
ip classless
ip route 0.0.0.0 0.0.0.0 172.23.181.1 254
ip route 0.0.0.0 0.0.0.0 192.168.1.14 254
ip http server
ip http secure-server
!

====================================

Here is the config from the switch connected to the adtran "VOIP" router:

Using 7821 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SW4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
vtp domain fub
vtp mode transparent
ip subnet-zero
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name VOICE
!
!
interface FastEthernet0/1
 description PC/PHONE
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/2
 description PC/PHONE
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
.

.

.
interface FastEthernet0/47
 description PC/PHONE
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/48
 description PC/PHONE (uplink from Adtran 916e Router)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan 2
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description UPLINK-TO-SW3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/2
 description UPLINK
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description UPLINK
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/4
 description UPLINK
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface Vlan1
 description DATA-VLAN
 ip address dhcp
!
interface Vlan2
 description VoIP-VLAN
 ip address dhcp
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.14 254
ip route 0.0.0.0 0.0.0.0 172.23.181.1 254
ip route 0.0.0.0 0.0.0.0 172.23.181.1 254
ip route 0.0.0.0 0.0.0.0 192.168.1.14 254
ip http server
ip http secure-server
!
!
control-plane
!
!
!
end

--------------------------------------------

Here is route info from another Cisco Catalyst 3560 (24-port) from the stack

!
interface Vlan1
 ip address 172.16.2.2 255.255.0.0
!

------------------------------------------------------------

This is really confusing ie. -

Here is route info from another Cisco Catalyst 3560 (24-port) from the stack

!
interface Vlan1
 ip address 172.99.99.2 255.255.0.0
!

the subnet used in the above is totally different from the one you applied to SW3 for the same vlan. 

Can you explain that ?

I think we need to understand your network layout and the IP addressing before we can say what you should do.

Jon

I agree with Jon that this is quite confusing. When the switch is operating as a layer 2 switch it really should have only a single interface vlan x to provide layer 3 functionality. On many layer 2 switch I have had the experience that when you configure a second SVI that the first one configured goes to protocol down. But other switches allow multiple SVIs and keep them in the up state. I have also seen situations where having multiple active SVIs on a layer 2 switch caused unexpected behaviors.

And I am quite puzzled at this part of the configuration

ip route 0.0.0.0 0.0.0.0 192.168.1.14 254
ip route 0.0.0.0 0.0.0.0 172.99.99.99 254
ip route 0.0.0.0 0.0.0.0 172.99.99.99 254
ip route 0.0.0.0 0.0.0.0 192.168.1.14 254

As a layer 2 switch I would not expect to see any ip route statements much less attempts to configure 4 default routes (but which duplicate the next hop on two route statements).

HTH

Rick

192.168.1.14 is our firewall

The other route is old, from previous VOIP provider.

I don't understand why the route info is there twice.

In terms of which switch is routing for the data vlan then what is the default gateway set to on the clients in that vlan ?

That IP address will be on one of your switches and hopefully on that switch there should also be a default route (or more than one :-)), pointing to the firewall.

It is a bit confusing how it has been setup.

It sounds like you can ping the switch now but if you want to tidy everything up then let us know and we can perhaps dig a bit deeper and have a look at all the configs.

Jon

Our default gateway on our LAN is the firewall 192.168.1.14.  

In terms of Cisco Switches: we have SW and SW3 and SW4 and Cisco24POE.  Total of 4 Cisco switches.  All Catalyst 3560's.  The first one we got was SW and here is its config (nothing is plugged into Fast eth0/1; also I removed most of the ports as they are all the same):

Using 6721 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW
!
enable secret 5 $1$Fq5g$vvR7eBEpmcarWk6tlMs1o.
!
no aaa new-model
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 description CONNECTION TO SHORETEL FA0/1 ROUTER
 switchport access vlan 2
 switchport mode access
 duplex full
 speed 100
!
interface FastEthernet0/2
!

.

.

interface FastEthernet0/47
 description PHONE + PC
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/48
 description PHONE + PC
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description UPLINK-TO-24port-SW
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description UPLINK-TO-SW3
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
 ip address dhcp
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 no login
line vty 5 15
 no login
!
!
end

===================

Here is the config from the 24-port switch:

Using 3801 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco24PoE
!
enable secret 5 $1$WH66$Zf7VOSZ5FN96T5AbH/5fM1
enable password <redacted>
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/2
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
.

.

.

interface FastEthernet0/23
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/24
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface GigabitEthernet0/1
description UPLINK-TO-SW
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 172.16.2.2 255.255.0.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password <redacted>
 login
line vty 5 15
 password <redacted>
 login
!
end

=====================================

Here is the config for SW4

Using 7821 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SW4
!
boot-start-marker
boot-end-marker
!
!
username cisco privilege 15 password 7 060506324F41
no aaa new-model
system mtu routing 1500
vtp domain fub
vtp mode transparent
ip subnet-zero
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name VOICE
!
!
!
interface FastEthernet0/1
 description PC/PHONE
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/2
 description PC/PHONE
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast

.

.

.
interface FastEthernet0/46
 description PC/PHONE
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/47
 description PC/PHONE
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/48
 description PC/PHONE (uplink from Adtran 916e Router)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan 2
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description UPLINK-TO-SW3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/2
 description UPLINK
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description UPLINK
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/4
 description UPLINK
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
!
interface Vlan1
 description DATA-VLAN
 ip address dhcp
!
interface Vlan2
 description VoIP-VLAN
 ip address dhcp
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.14 254
ip route 0.0.0.0 0.0.0.0 172.23.181.1 254
ip route 0.0.0.0 0.0.0.0 172.23.181.1 254
ip route 0.0.0.0 0.0.0.0 192.168.1.14 254
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
 logging synchronous
 login local
line vty 0 4
 logging synchronous
 login local
line vty 5 15
 logging synchronous
 login local
!
end

If the default gateway for the data clients is the firewall then at least for data none of your switches appear to be routing that traffic ie. they are all simply acting as L2 switches even though they are L3 capable.

What is the default gateway for the VOIP clients ?

Do you want to manage all your switches via a static IP ?

Jon

Here is the info off my VOIP phone:

IP Gateway: 10.58.5.129

Subnet Mask: 255.255.255.128

VLAN ID: 2

This is provided by the Adtran router from its dhcp

I want to at least monitor the switches from Nagios (hence the desire to have them accessible via ping with a static IP.

I have never managed a Cisco switch via a static IP but that sounds attractive as well.

sorry for the confusion...I was trying to obvuscate the IP info and that was a poor choice on my part.  I updated the above config info.  correcting the IP's.  Basically we have a flat data LAN on 192.168.1.0/24 and our current VOIP circuit starts with 10.58.5...   The Cisco switches are all Catalyst 3560 switches and our previous voice provider was managing them and now I'm trying to manage them.  All that to say, I believe the 172.... routes are all old and unused.  I'm not sure what is managing the routes.  How can I find out?

Now the switch is pingable...not sure what happened.  I can ping it at 192.168.1.13

In regards to the vlan1 on the 24-port Cisco....

!
interface Vlan1
 ip address 172.99.99.2 255.255.0.0
! 

should read:

!
interface Vlan1
 ip address 172.16.2.2 255.255.0.0
!

I think this is an erroneous vlan1 definition on this 24-port Cisco as all the ports are setup to use voip and data...here's the full config:

Using 3801 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco24PoE
!
enable secret 5 $1$WH66$Zf7VOSZ5FN96T5AbH/5fM1
enable password <redacted>
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/2
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/3
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/4
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/5
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/6
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/7
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/8
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/9
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/10
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/11
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/12
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/13
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/14
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/15
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/16
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/17
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/18
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/19
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/20
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/21
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/22
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/23
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface FastEthernet0/24
 description PCs & Phones
 switchport mode access
 switchport voice vlan 2
 spanning-tree portfast
!
interface GigabitEthernet0/1
description UPLINK-TO-SW
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 172.16.2.2 255.255.0.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password <redacted>
 login
line vty 5 15
 password <redacted>
 login
!
end